
WebSphere and MS ADAM


johan.j...@se.ibm.com

Sep 15, 2005, 8:21:34 AM
Hi,
I'm using WebSphere 5.0.2 and MS ADAM for Single Sign On. It works fine with regular Active Directory but it doesn't work for ADAM. Is this configuration supposed to work? I thought Active Directory and ADAM would look the same from a client perspective?

Thanks
//Johan

Paul Ilechko

Sep 15, 2005, 8:41:31 AM

"Doesn't work" is a remarkably vague statement. You would probably have
more chance of getting help if you were a teeny bit more explicit.

johan.j...@se.ibm.com

Sep 19, 2005, 6:23:35 AM
I get this msg. The user exists in ADAM, and that can be verified with an LDAP browser.


[9/19/05 12:14:44:226 CEST] 612d1a6d UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
[9/19/05 12:14:44:450 CEST] 612d1a6d LdapRegistryI E SECJ0352E: Could not get the users matching the pattern wasadmin because of the following exception javax.naming.AuthenticationException: [LDAP: error code 49 - 80090304: LdapErr: DSID-0C090311, comment: AcceptSecurityContext error, data 20ee, va28]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2750)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2696)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2497)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2414)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:258)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:91)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java(Compiled Code))
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java(Inlined Compiled Code))
at javax.naming.InitialContext.init(InitialContext.java(Inlined Compiled Code))
at javax.naming.InitialContext.<init>(InitialContext.java(Compiled Code))
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java(Inlined Compiled Code))
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getDirContext(LdapRegistryImpl.java(Compiled Code))
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java(Compiled Code))
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1566)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1561)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers(LdapRegistryImpl.java:1080)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:254)
at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:245)
at com.ibm.ws.security.core.SecurityAdmin.checkPassword(SecurityAdmin.java:639)
at java.lang.reflect.Method.invoke(Native Method)
at com.tivoli.jmx.modelmbean.MMBInvoker.invoke(MMBInvoker.java:46)
at com.tivoli.jmx.modelmbean.MMBInvoker.invokeOperation(MMBInvoker.java:115)
at com.tivoli.jmx.modelmbean.DynamicModelMBeanSupport.invoke(DynamicModelMBeanSupport.java:409)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:323)
at com.tivoli.jmx.GenericMBeanSupport.invoke(GenericMBeanSupport.java:178)
at com.tivoli.jmx.MBeanAccess.invoke(MBeanAccess.java:113)
at com.tivoli.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:290)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:658)
at com.ibm.ws.console.security.ConnectToRuntime.authenticate(ConnectToRuntime.java:99)
at com.ibm.ws.console.security.SecurityValidation.runtimeCheck(SecurityValidation.java:236)
at com.ibm.ws.console.security.SecurityValidation.validate(SecurityValidation.java:204)
at com.ibm.ws.console.security.SecurityDetailAction.perform(SecurityDetailAction.java:175)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1791)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1586)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))
at com.ibm.ws.cache.servlet.ServletWrapper.serviceProxied(ServletWrapper.java(Inlined Compiled Code))
at com.ibm.ws.cache.servlet.CacheHook.handleFragment(CacheHook.java(Compiled Code))
at com.ibm.ws.cache.servlet.CacheHook.handleServlet(CacheHook.java(Compiled Code))
at com.ibm.ws.cache.servlet.ServletWrapper.service(ServletWrapper.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java(Inlined Compiled Code))
at com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java(Compiled Code))
at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java(Inlined Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java(Compiled Code))
at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java(Compiled Code))
at com.ibm.ws.webcontainer.cache.invocation.CacheableInvocationContext.invoke(CacheableInvocationContext.java(Compiled Code))
at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java(Compiled Code))
at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java(Compiled Code))
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java(Compiled Code))
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:672)

[9/19/05 12:14:44:465 CEST] 612d1a6d LdapRegistryI E SECJ0336E: Authentication failed for user wasadmin because of the following exception
[9/19/05 12:14:44:476 CEST] 612d1a6d SecurityAdmin E SECJ0297E: Error checking password for user :wasadmin. The exception is .
[9/19/05 12:14:44:507 CEST] 612d1a6d TraceNLS u Unable to load ResourceBundle com.ibm.ws.console.core.resources.ConsoleAppResources
[9/19/05 12:14:44:506 CEST] 612d1a6d ConnectToRunt E security.ctr.ckpwd.exception
[9/19/05 12:14:44:519 CEST] 612d1a6d TraceNLS u Unable to load ResourceBundle com.ibm.ws.console.core.resources.ConsoleAp
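
Added example (not part of any post in this thread): a Python parser that pulls the LDAP result code and the hex `data` sub-code out of a SECJ0352E line like the one posted above and maps it to a Win32 error name, which separates a wrong-credential bind from a directory-side failure. The name table is taken from the Windows system error code list, not from the thread, and the second sample line is constructed.

```python
import re

# AD/ADAM put a diagnostic string in the LDAP bind error; "data" is a hex Win32 code.
LDAP_ERR = re.compile(
    r"\[LDAP: error code (?P<result>\d+) - [0-9A-Fa-f]{8}: LdapErr: DSID-[0-9A-Fa-f]+, "
    r"comment: .*?, data (?P<data>[0-9A-Fa-f]+)"
)
USER = re.compile(r"matching the pattern (\S+)")

# Names from the Windows system error code list (an assumption of this example).
WIN32_NAMES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
    0x20EE: "ERROR_DS_INTERNAL_FAILURE",
}
CREDENTIAL_CODES = {0x525, 0x52E}  # unknown user / wrong password

def parse_bind_failure(line):
    """Return the decoded bind failure in one log line, or None if it has none."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    user = USER.search(line)
    return {
        "user": user.group(1) if user else None,
        "ldap_result": int(m.group("result")),
        "win32": code,
        "win32_name": WIN32_NAMES.get(code, "unknown"),
        "credential_failure": code in CREDENTIAL_CODES,
    }

def triage(lines):
    # Decode every line that carries an LdapErr string; skip the rest.
    return [r for r in map(parse_bind_failure, lines) if r is not None]

# Line 1: from the post. Line 2: constructed. Line 3: from the post, no LdapErr.
PREFIX = ("[9/19/05 12:14:44:450 CEST] 612d1a6d LdapRegistryI E SECJ0352E: "
          "Could not get the users matching the pattern ")
EXC = " because of the following exception javax.naming.AuthenticationException: "
SAMPLE = [
    PREFIX + "wasadmin" + EXC + "[LDAP: error code 49 - 80090304: LdapErr: "
    "DSID-0C090311, comment: AcceptSecurityContext error, data 20ee, va28]",
    PREFIX + "testuser" + EXC + "[LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]",
    "[9/19/05 12:14:44:226 CEST] 612d1a6d UserRegistryI A SECJ0136I: Custom Registry:"
    "com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized",
]
```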

DC

Oct 4, 2005, 12:04:30 PM
Johan, did you resolve the problem?
If so, pray tell, how?

-Dino


wjo...@perficient.com

Oct 4, 2005, 12:51:26 PM
I have implemented MS ADAM with WPS 5.1. Only needed a minor edit in the wmm.xml file, but the timing was important. Let me know if you need more detail.

johan.j...@se.ibm.com

Oct 4, 2005, 3:30:50 PM
Thanks! I have not managed to solve this problem, so any details are more than welcome.

//Johan

Wayne Jones

Oct 4, 2005, 4:24:28 PM
Johan,

I completed this work for a client and documented the process in detail. If you would like me to send you some documentation, email me at waynej...@gmail.com.

Wayne Jones

Oct 4, 2005, 4:36:07 PM
The biggest difference in using ADAM vs AD is ADAM uses a different object class for the user object. AD uses a user object called 'user' while ADAM uses 'userproxy'. In our case we edited the wmm.xml file with the following...

1. Open the /apps/WebSphere/PortalServer/wmm/wmm.xml and add the searchFilter parameter. The ORIGINAL is directly below:
<supportedLdapEntryTypes>
  <supportedLdapEntryType name="Person"
      rdnAttrTypes="cn"
      objectClassesForRead="userProxy"
      objectClassesForWrite="userProxy"
      searchBases="ou=users,o=alticor"/>
  <supportedLdapEntryType name="Group"
2. The new tag should look as follows:
<supportedLdapEntryTypes>
  <supportedLdapEntryType name="Person"
      rdnAttrTypes="cn"
      objectClassesForRead="userProxy"
      objectClassesForWrite="userProxy"
      searchBases="ou=users,o=alticor"
      searchFilter="(ObjectClass=userProxy)"/>
  <supportedLdapEntryType name="Group"

johan.j...@se.ibm.com

Oct 6, 2005, 8:36:02 AM
Thanks for the hint. WASND does not have wmm.xml, but maybe there is an equivalent. I will check.

//Johan

Wayne Jones

Oct 6, 2005, 9:27:26 AM
Yeah, my bad. For some reason I thought you were dealing with WebSphere Portal... no wmm.xml